Last week, a tremor went through the WordPress community. Without warning, Apache banned the license for React.js, the JavaScript standard that is set to be integrated into the WordPress core in the medium term. We also look at the dangers of cross-site scripting. And we clear up a well-known myth in connection with CDNs.
Cross-site scripting - How hackers can hijack your website
XSS, SQL injection, XML-RPC - the descriptions of WordPress security updates are teeming with cryptic abbreviations. Even if it's clear that the updates are necessary, it's nice to know what's actually behind the jumble of letters. After all, it's about your business. That's why we show you how cross-site scripting (XSS for short) works in our latest post. Cross-site scripting is not only particularly widespread, but also particularly insidious. If hackers find such a vulnerability, they can inject malicious code into your (!) site and misuse it to harm your users.
Performance News
CDNs are not a "unicorn magic solution"
Content Delivery Networks (CDNs) are computer networks that are distributed all over the world. They ensure that your content can also be delivered quickly in Australia or the USA. But there is one thing a CDN is not: a performance hack for your website. Our colleague Ernesto Ruge has all the background information on this topic.
Which PHP version is your site running on?
The largest share of WordPress sites (40.4%) runs on PHP 5.6, even though PHP 7 can make your site up to twice as fast. The fact that only just over two percent of all WordPress sites currently use the latest PHP standard is a huge problem that the PHP Core team has also addressed.
Security News
How secure are free themes?
No, they are of course not inherently less secure than paid themes. But regardless of whether a theme is free or "premium", there are a few security points to consider when choosing one. Our colleagues at Torque show you what you need to look out for and which tools can help you with the analysis.
Adobe: No more Flash updates in 2020
Adobe has announced that it will discontinue support and updates for Flash in 2020, as its use has steadily declined in recent years. In the largest browsers, such as Chrome, users have had to actively agree to view Flash content since last year. "This trend reveals that sites are migrating to open web technologies, which are faster and more power-efficient than Flash. They're also more secure, so you can be safer while shopping, banking, or reading sensitive documents," says Google Chrome Product Manager Anthony Laforge of Adobe's announcement.
WordPress News
Apache bans Facebook license
The Apache Software Foundation has banned the use of Facebook's "BSD+Patents license" for Apache WordPress projects. However, Facebook runs its React project, among others, under exactly this license. As React is currently seen as the most promising candidate for the new WordPress JS framework, the ban on the license has reignited the React debate in the WP community. If the license dispute had broken out after the integration of React, millions of sites would probably not have worked for days. This danger is also clearly articulated in the community: "Facebook license is really not open source. Code released under that license has no place in core."
Regional WordCamps
The core team discussed the expectations and framework conditions for regional WordCamps. Nothing should actually stand in the way of these, but the topic currently raises more questions than answers. For example, it must first be clarified how a region defines itself and what the concrete planning and implementation should look like on site.